Hackers violate security

Usernames and phone numbers of users were published on website

Associated Press

Associated Press

Published 5:30 pm, Thursday, January 2, 2014

This Thursday, Oct. 24, 2013 file photo shows Snapchat CEO Evan Spiegel in Los Angeles. Snapchat, the disappearing-message service, has been quiet following a security breach that allowed hackers to collect the usernames and phone numbers of millions of its users. Snapchat said Thursday, Jan. 2, 2014 that it is assessing the situation, but did not have further comment. Earlier in the week, hackers reportedly published 4.6 million Snapchat usernames and phone numbers on a website called snapchatdb.info, which has since been suspended. (AP Photo/Jae C. Hong) ORG XMIT: CAJH301

Snapchat, the disappearing-message service popular with young people, has been quiet following a security breach that allowed hackers to collect the usernames and phone numbers of millions of its users.

Company spokeswoman Mary Ritti said Thursday morning that the company is assessing the situation, but did not have further comment.

As Americans rang in the New Year, hackers reportedly published 4.6 million Snapchat usernames and phone numbers on a website called snapchatdb.info, which has since been suspended. The breach came less than a week after security experts alerted Snapchat of a vulnerability in its system and warned that an attack could take place.

In response to the warning, Snapchat said in a blog post last Friday that it had implemented "various safeguards" over the past year that would make it more difficult to steal large sets of phone numbers. But the measures appear to have fallen short.

The incident bruises the image of a young company that reportedly turned down a $3 billion buyout offer from Facebook last year. According to the Pew Research Center's Internet & American Life Project, 9 percent of U.S. cellphone owners use Snapchat, which amounts to roughly 20 million adults, based on 2012 census data. The Pew study didn't include users under 18, a demographic with which Snapchat is especially popular. The Los Angeles-based company, which has no source of revenue, has not disclosed its own user figures.

What should users do? Gibson Security, the firm that warned Snapchat of the security vulnerability on Dec. 25, has created a site, — http://lookup.gibsonsec.org/ — that lets users type in their username to see if their phone number was among those leaked. Of two user accounts The Associated Press checked, one was found to have been compromised.

Gibson Security did not publish the last two digits of the phone numbers. Gibson says users can delete their Snapchat account if they wish, but "this won't remove your phone number from the already circulating leaked database." Users can also ask their phone company to give them a new phone number.

"Ensure your security settings are up to scratch on social media profiles. Be careful about what data you give away to sites when you sign up — if you don't think a service requires your number, don't give it to them," Gibson said.